Tuesday, December 11, 2018

Android Trojan Targets PayPal Account as well as Google Play, WhatsApp, Skype, Viber, and Gmail Apps

If you have installed the PayPal-targeting Trojan, we advise you to check your bank account for suspicious transactions and consider changing your internet banking password/PIN code, as well as Google Play, WhatsApp, Skype, Viber, and Gmail passwords. In case of unauthorized PayPal transactions, you can report a problem in PayPal’s Resolution Center.
Researchers from the security firm ESET have discovered an Android Trojan that employs a novel abuse of Android Accessibility services to hack the official PayPal app. The malware targets Android users and combines the capabilities of a remotely controlled banking Trojan with the misuse of Android Accessibility services. The Trojan is capable enough to bypass PayPal's two-factor authentication.
If installed, there is no way a regular user could detect the Trojan.
Currently the malware is masquerading as a battery optimization app and is distributed via third-party app stores. Once the app is installed and executed, it disappears without leaving any trace. It even deletes the app icon.

From then on, it waits for the user to run the PayPal app. When the app is run, the Trojan interjects a dialog requesting permission for an innocuous-sounding “Enable statistics” service. Once the user opens the PayPal app and logs in, the malicious accessibility service (if previously enabled by the user) steps in and mimics the user’s clicks to send money to the attacker’s PayPal address. It is a rather hungry Trojan: it asks for 1000 euros to be transferred. The amount and currency may differ depending on location.
The Trojan has more tricks up its sleeve. Its second function uses phishing screens covertly displayed over five targeted legitimate apps: Google Play, WhatsApp, Skype, Viber, and Gmail. The initial list can be dynamically updated at any moment, so any app can be attacked.
These Trojans also use Accessibility to thwart uninstallation attempts by repeatedly clicking the “Back” button whenever a targeted antivirus app or app manager is launched, or when strings suggesting uninstallation are detected in the foreground.
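
Because the app hides its icon and relies on an enabled accessibility service, one way to check a device is to compare enabled accessibility services against where each package was installed from. The following is an added example, not code from ESET or from the original post: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and all package names in the sample data are constructed.

```python
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

def parse_services(setting_value):
    """Parse the enabled_accessibility_services setting: colon-separated
    'package/class' components, or 'null'/empty when none are enabled."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    pairs = (comp.partition("/") for comp in value.split(":"))
    return [(pkg, cls) for pkg, _, cls in pairs if pkg and cls]

def parse_installers(pm_output):
    """Parse `pm list packages -i` lines of the form
    'package:<name>  installer=<name|null>' into {package: installer or None}."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        src = next((f[len("installer="):] for f in fields[1:]
                    if f.startswith("installer=")), None)
        installers[fields[0]] = None if src in (None, "null") else src
    return installers

def audit(setting_value, pm_output, trusted=(PLAY_STORE,), allowlist=()):
    """Return (package, class, installer) for every enabled accessibility
    service whose package is neither allowlisted nor installed by a trusted
    store. Preinstalled system apps often report no installer, so put the
    ones you expect into `allowlist`."""
    installers = parse_installers(pm_output)
    return [(pkg, cls, installers.get(pkg))
            for pkg, cls in parse_services(setting_value)
            if pkg not in allowlist and installers.get(pkg) not in trusted]

# Constructed sample data (not taken from a real device or from the malware).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.batteryopt/.StatsService")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.batteryopt  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, cls, src in audit(SAMPLE_SETTING, SAMPLE_PM):
        print(f"review: {pkg}{cls} (installer: {src or 'unknown/sideloaded'})")
```

A flagged entry is a prompt for manual review, not proof of infection: sideloaded but legitimate accessibility tools will appear here too.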
